DNS Poisoning :

What is DNS Poisoning :

DNS is the Domain Name System.
It converts the URL you put into your address bar into an IP address.
Example: Google.com would be translated to http://72.14.204.103/

What is DNS Poisoning :

DNS poisoning allows you to redirect the traffic.
So instead of Google.com going to http://72.14.204.103/,
you can redirect Google.com to go to http://209.191.122.70/.

What is DNS Poisoning :

DNS cache poisoning.
The computer sends a request to DNS: “What is the IP for google.com?”
The server sends back: “The IP for google.com is 72.14.204.103.”
The computer gets an answer and, if the answer appears to match the question it asked, completely trusts that it is correct.

What is DNS Poisoning :

The computer sends a request to DNS: “What is the IP for google.com?”
The attacker sends back “The IP for google.com is 89.90.28.23” before the server sends back “The IP for google.com is 72.14.204.103.”
The cache is now poisoned.

What is DNS Poisoning :

To spoof, you must match the following attributes:
Returns to the same IP it was sent to. (Known)
Answer matches the question asked. (Known)
Returns with the same port number it was sent from. (Not known)
And the unique transaction number matches. (Not known)
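The four checks listed above, written from the resolver's side as an added example (not part of the original slides): each incoming answer is compared against the outstanding query, and rejected answers are counted so a burst of near-misses can raise an alert. The class, the function names and the threshold are assumptions, and the messages are constructed test data.

```python
import struct
from dataclasses import dataclass

@dataclass
class Pending:
    """One outstanding query as the resolver remembers it (hypothetical type)."""
    server_ip: str     # where the query was sent
    src_port: int      # UDP port the query left from
    txid: int          # 16-bit transaction ID
    qname: str         # name that was asked about
    rejected: int = 0  # answers that failed a check while this query was open

def build_message(txid, qname, response=False):
    """Build a minimal DNS message: 12-byte header plus one A/IN question."""
    flags = 0x8180 if response else 0x0100
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(part)]) + part.encode() for part in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def parse_question(msg):
    """Return (txid, is_response, qname) from a DNS message."""
    txid, flags = struct.unpack("!HH", msg[:4])
    pos, labels = 12, []
    while msg[pos] != 0:
        n = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return txid, bool(flags & 0x8000), ".".join(labels)

def check_response(p, src_ip, dst_port, msg):
    """Return the names of the failed checks; an empty list means accept."""
    try:
        txid, is_resp, qname = parse_question(msg)
    except (struct.error, IndexError, UnicodeDecodeError):
        p.rejected += 1
        return ["malformed"]
    checks = [("source-ip", src_ip == p.server_ip),
              ("question", is_resp and qname.lower() == p.qname.lower()),
              ("port", dst_port == p.src_port),
              ("txid", txid == p.txid)]
    failed = [name for name, ok in checks if not ok]
    p.rejected += bool(failed)
    return failed

def looks_like_guessing(p, threshold=3):
    """Several rejected answers for one open query is worth an alert."""
    return p.rejected >= threshold
```

A legitimate exchange produces an empty list from `check_response`; an open query that collects several rejected answers is the pattern to log and investigate.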

Dan Kaminsky :

Dan Kaminsky worked for Cisco and was also a pen tester.
Dan Kaminsky discovered a flaw in the DNS protocol.
DNS had only 65,536 possible transaction IDs, allowing them to be guessed.
Dan was not going to release the details until 30 days after he patched it on July 21, 2008.
Developed DNSSEC (Domain Name System Security Extensions), giving DNS security.

How Does This Work :

Local DNS servers cache addresses so requests don’t go to the internet every time; but if the request isn’t known, it is sent to the internet DNS.

Today's DNS Poisoning :

Since DNS was patched with DNSSEC on July 21, 2008, hackers have developed DNS spoofing.
DNS spoofing: “Setting up your own machine to pretend to be a legitimate DNS server directing traffic wherever you'd like it to go”

DNS Spoofing :

DNS spoofing: “Setting up your own machine to pretend to be a legitimate DNS server directing traffic wherever you'd like it to go”

How Do We DNS Spoof? :

One way to perform a DNS spoof attack is to use a program known as Cain.

How Do We DNS Spoof? :

The Setup

How Do We DNS Spoof? :

First we go to the Sniffer tab and configure your adapter; then you perform a scan.
Now we are going to enable the ARP table by clicking the ARP tab at the bottom.

How Do We DNS Spoof? :

Now in the ARP table click the + symbol at the top.
In the table click the gateway (left) and the victim (right).

How Do We DNS Spoof? :

On the left side menu select ARP-DNS and click the + button.
Now you will put the web address you want to be redirected in the DNS Name Requested textbox. Now click Resolve and put in the address you want it to lead to.

How Do We DNS Spoof? :

Now click the poison button and you are done.

Why? :

The main reason people DNS poison/spoof is to redirect the victim to harmful sites, for example phishing sites.